package com.xiaotu.security.config;

import com.xiaotu.security.handle.MyAuthenticationFailureHandler;
import com.xiaotu.security.handle.MyAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * @author Mr.zhang
 * @create 2021-11-21 17:17
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //表单提交
        http.formLogin()
                .usernameParameter("username123")
                .passwordParameter("password123")
                //当发现/login时认为是登录，必须和表单提交的地址一样，去执行UserDetailsServiceImpl
                .loginProcessingUrl("/login")
                //自定义登录页面
                .loginPage("/login.html")
                //登录成功之后跳转的页面
                .successForwardUrl("/toMain")
                //登录成功之后处理器，不能和successForwardUrl 共存
                //.successHandler(new MyAuthenticationSuccessHandler("/main.html"))
                //登录失败后跳转页面，post请求
                .failureForwardUrl("/toError");
                //登录失败之后处理器，不能和failureForwardUrl 共存
//                .failureHandler(new MyAuthenticationFailureHandler("/error.html"));


        /**
         * ?: 匹配一个字符
         * *: 匹配0个或多个字符
         * **: 匹配0个或多个目录
         */

        //授权认证
        http.authorizeRequests()
                //login.html 不需要被认证
                //所有的请求都必须被认证，必须登录之后被访问
                //.antMatchers("/login.html","/error.html").permitAll()
                .antMatchers("/login.html","/error.html").access("permitAll()")
                .antMatchers("/is/**","/css/**","/images/**").permitAll()
                //.mvcMatchers("/demo").servletPath("/xxxx").permitAll()
                //.antMatchers("/main1.html").hasAuthority("admin")
                //main1.html 是否拥有 admiN admin 权限访问
                //.antMatchers("/main1.html").hasAnyAuthority("admiN","admin")
                //.antMatchers("/main1.html").hasRole("abC")
                //.antMatchers("/main1.html").hasAnyRole("abC","abc")
                //.antMatchers("/main.html").hasIpAddress("127.0.0.1")
                .anyRequest().authenticated();
                //.anyRequest().access("@myServiceImpl.hasPermission(request,authentication)");

        //关闭csrf
        http.csrf().disable();

        //异常处理
        http.exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler);

    }

    @Bean
    public PasswordEncoder getPw(){
        return new BCryptPasswordEncoder();
    }

}
